Re: [PATCH v4 04/11] lsm: inode_pre_setxattr hook

2015-11-04 Thread John Johansen
On 10/14/2015 05:41 AM, Lukasz Pawelczyk wrote:
> Add a new LSM hook called before inode's setxattr. It is required for
> LSM to be able to reliably replace the xattr's value to be set to
> filesystem in __vfs_setxattr_noperm(). Useful for mapped values, like in
> the upcoming Smack namespace

[PATCH v2] selinux: rate-limit unrecognized netlink message warnings in selinux_nlmsg_perm()

2015-11-04 Thread Vladis Dronov
Any process is able to send netlink messages with invalid types. Make the warning rate-limited to prevent too much log spam. The warning is supposed to help to find misbehaving programs, so print the triggering command name and pid.
Signed-off-by: Vladis Dronov
---

Re: [PATCH v3] capabilities.7, prctl.2: Document ambient capabilities

2015-11-04 Thread Serge E. Hallyn
On Tue, Nov 03, 2015 at 03:42:17PM -0800, Andy Lutomirski wrote:
> Reviewed-by: Kees Cook
> Signed-off-by: Andy Lutomirski

Looks good, thanks.

Acked-by: Serge Hallyn

> ---
>
> Changes from v2: Add a note about arg3 == 0 in

Re: RFC rdma cgroup

2015-11-04 Thread Haggai Eran
On 03/11/2015 21:11, Parav Pandit wrote:
> So it looks like below,
> #cat rdma.resources.verbs.list
> Output:
> mlx4_0 uctx ah pd cq mr mw srq qp flow
> mlx4_1 uctx ah pd cq mr mw srq qp flow rss_wq

What happens if you set a limit of rss_wq to mlx4_0 in this example? Would it fail? I think it

[PATCH] selinux: rate-limit unrecognized netlink message warnings in selinux_nlmsg_perm()

2015-11-04 Thread Vladis Dronov
Any process is able to send netlink messages with invalid types. Make the warning rate-limited to prevent too much log spam. The warning is supposed to hel
Reported-by: Florian Weimer
Signed-off-by: Vladis Dronov
---
security/selinux/hooks.c | 7 +++